Source/JavaScriptCore: VM::throwException() crashes reproducibly in testapi with...
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 29 Aug 2013 17:03:32 +0000 (17:03 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 29 Aug 2013 17:03:32 +0000 (17:03 +0000)
commitf28fb1f137d81b7d642379547e325cafe199bf0a
tree2e8a4d8b44669e66cf2f783f04db52b8d12c0d96
parentf6a6101d34e3e86bcd0485f3ab308ebc184aa281
Source/JavaScriptCore: VM::throwException() crashes reproducibly in testapi with !ENABLE(JIT)
https://bugs.webkit.org/show_bug.cgi?id=120472

Patch by Chris Curtis <chris_curtis@apple.com> on 2013-08-29
Reviewed by Filip Pizlo.

With the JIT disabled, interpreterThrowInCaller was attempting to throw an error,
but the topCallFrame was not set yet. By passing the error object into interpreterThrowInCaller
throwException can be called when topCallFrame is set.
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* runtime/CommonSlowPaths.cpp:
(JSC::SLOW_PATH_DECL):
* runtime/CommonSlowPathsExceptions.cpp:
(JSC::CommonSlowPaths::interpreterThrowInCaller):
* runtime/CommonSlowPathsExceptions.h:

Renamed genericThrow -> genericUnwind, because this function no longer has the ability
to throw errors. It unwinds the stack in order to report them.
* dfg/DFGOperations.cpp:
* jit/JITExceptions.cpp:
(JSC::genericUnwind):
(JSC::jitThrowNew):
(JSC::jitThrow):
* jit/JITExceptions.h:
* llint/LLIntExceptions.cpp:
(JSC::LLInt::doThrow):

LayoutTests: VM::throwException() crashes reproducibly in testapi with !ENABLE(JIT)
https://bugs.webkit.org/show_bug.cgi?id=120472

Patch by Chris Curtis <chris_curtis@apple.com> on 2013-08-29
Reviewed by Filip Pizlo.
An error that was not being reported before is now caught and being reported.
* media/track/track-cue-rendering-on-resize-expected.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@154817 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/media/track/track-cue-rendering-on-resize-expected.txt
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/dfg/DFGOperations.cpp
Source/JavaScriptCore/jit/JITExceptions.cpp
Source/JavaScriptCore/jit/JITExceptions.h
Source/JavaScriptCore/llint/LLIntExceptions.cpp
Source/JavaScriptCore/llint/LLIntSlowPaths.cpp
Source/JavaScriptCore/runtime/CommonSlowPaths.cpp
Source/JavaScriptCore/runtime/CommonSlowPathsExceptions.cpp
Source/JavaScriptCore/runtime/CommonSlowPathsExceptions.h